There are legitimate and malicious Internet dialers all over the Internet. The malicious dialers redirect internet connections to a party that is not the user's default connection, such as a porn site. These dialers can connect to premium numbers and rack up huge phone bills. Dialers only work through modem-based dialup connections. Though dialup connections are not as popular as they once were, there are enough people using a dialup connection to make a malicious dialer one of the largest threats in the malware realm.

Malicious internet dialers will do things like dial and connect to a 1-900 number from the modem. The user is then charged additional fees from the content provider, vendor, or other third party that they connected to. These malicious Internet dialers are often targeted to pornographic sites, which are pay per call numbers and will charge you for the amount of time that your computer was connected. They will also often display or download pornographic material to your computer, while you are connected to the vendor. Some of these dialers will even download more malicious tools to further infect your computer.

A malicious dialer usually has the following characteristics:

• A download prompt or popup appears when opening a webpage.
• A website has only a small hint, if any, about the price of the dialer.
• The dowload starts or continues even with the user has clicked the cancel button.
• The dialer installs as the default connection without notifying the user.
• The dialer creates unwanted connections on its own, the user does not initiate the connection.
• The dialer does not display a notification of the price before dialing in.
• The price of the connection is not shown while connected.
• The dialer cannot be uninstalled, or is very difficult to remove.

Malicious internet dialers can be installed a number of ways. One way for dialers to be installed is by a trojan using code in visual basic script that changes the values in the registry and changes the Internet Explorer settings to allow the dialer to be installed when visiting a malicious site. These scripts can also disable modem speakers and connection messages, allowing the dialer to run without any outward sign of it connecting. Dialers can also be installed through trick sites, links, email and instant message attachments as well as third-party software. A user can click on a link and be sent to a malware site that prompts a user to install an ActiveX control, which will then allow the site to install the dialer in the background.

Users must take extreme caution when they are getting spam emails or unsuspected links over instant messages. New sites like MySpace are a popular way to spread malware as well. If a bulletin were made with a malicious link, it could infect multiple users on the net. Any automatic download should be canceled as soon as it is discovered. Any legitimate download will have prompts and confirmations before it is installed. It is also wise to check your internet connections periodically to make sure that the dialup numbers have not been changed. You could also protect yourself from overcharges incurred by dialers by disabling premium numbers through your phone service. Keep in mind that this will disable all premium numbers for calling or dialing, even legitimate ones.

Though dialers do not spy on users beyond monitoring numbers dialed from a modem, they are malicious due to the fact that they can cause huge financial harm to the victim by altering the connection numbers. The only way to completely avoid a malicious internet dialer is to switch to a non-dialup connection, such as DSL, Satellite or Cable. Though if a user has an Integrated Services Digital Network (ISDN) adapter or an additional analog modem, the dialer might still be able to get connected.

If you do become infected, antispyware and antivirus programs, such as StopSign, are a great way to help detect and remove malicious dialers, as well as many other forms of malware. However, the best way to prevent being infected with an Internet dialer is to use caution. Don't visit suspicious links or risky sites and always have protection software like StopSign on your computer. Scan your computer for infections frequently, especially after extensive internet usage and downloads. Do not open emails from strangers (or click on links or download attachments within the emails) until you have verified that it is from a valid source and is safe.